Tag Archives: finance

Kelly Shepherd, #fakefakefake

My belief that everything on the Internet is true has been irrevocably shattered, all because of what an entertainment executive ordered in his spare time. But the Casey Bloys / “Kelly Shepherd” story is just a tiny bit of what is going on with synthetic identities. And X isn’t the only platform plagued by them, as my LinkedIn experience attests.

By the way, this blog post contains pictures of a lot of people. Casey Bloys is real. Some of the others, not so much.

Blame COVID

Casey Bloys. Fair use. From https://wbd.com/leadership/casey-bloys/

Casey Bloys is the Chairman and CEO of HBO and Max Content. Bloys had to start a recent 2024 schedule presentation with an apology, according to Variety. After explaining how passionate he is about his programming, he went back in time a couple of years to a period that we all remember.

So when you think of that mindset, and then think of 2020 and 2021, I’m home, working from home and spending an unhealthy amount of scrolling through Twitter. And I come up with a very, very dumb idea to vent my frustration.

From Variety.

Casey Bloys’ very, very dumb idea

So why did Bloys have to apologize on Thursday? Because of an article that Rolling Stone published on Wednesday. The article led off with this juicy showbiz tidbit about Bloys’ idea for responding to a critic.

“Maybe a Twitter user should tweet that that’s a pretty blithe response to what soldiers legitimately go through on [the] battlefield,” he texted. “Do you have a secret handle? Couldn’t we say especially given that it’s D-Day to dismiss a soldier’s experience like that seems pretty disrespectful … this must be answered!”

From Rolling Stone.

(A note to my younger readers: Twitter used to be a popular social media service that no longer exists. It was replaced by X.)

Eventually Bloys found someone to create the “secret handle.” Sully Temori is now alleging wrongful termination by HBO (which is why we’re learning about these juicy tidbits, via court filings). But in 2021 he was an executive assistant who wanted to get ahead by pleasing his bosses.

This is where Kelly Shepherd enters the story.

Kelly Shepherd, fake vegan mom

From https://twitter.com/KellySh33889356

Ms. Shepherd seems like a nice woman. A mom, a Texan, a herbalist and aromatherapist, and a vegan. (The cows love that last part.)

Most critically, Shepherd is a normal person, not one of those Hollywood showbiz folks. Although Shepherd, who never posted anything on her own, seems to have a distinct motivation to respond to critics of HBO shows. Take her first reply to a critic from (checks notes) Rolling Stone. (Two years later, Rolling Stone would gleefully report on this story. Watch out who you anger.)

From https://twitter.com/KellySh33889356/status/1379101699969720323

alan is always predictably safe and scared in his opinions

From https://twitter.com/KellySh33889356/status/1379101699969720323

Kelly’s other three replies were along the same lines.

  • All were short one-sentence blurbs.
  • Most were completely in lower case, because that’s how regular non-Hollywood folk tweet.
  • All were critical of those who were critical of HBO, accusing them of “shitting on a show about women,” getting their “panties in a bunch,” and being “busy virtue signaling.”

Hey, if I couldn’t eat hamburgers and my home was filled with weird herbs and aromas, I’d be a little mad too.

And then, a little over a week later, it was over, and Kelly Shepherd never tweeted again. Although Temori apparently performed other activities against HBO critics via other methods. Well, until he was terminated.

Did Kelly Shepherd open a LinkedIn account?

But as part of the plan to satisfy Casey Bloys’ angry whims, Kelly Shepherd acquired a social media account, which she could use as a possible proof of identity.

Even though we now know she doesn’t exist.

But X isn’t the only platform plagued with synthetic identities, and some synthetic identities can do much more than anger an entertainment reviewer.

Many of us on LinkedIn are regularly receiving InMails and connection requests (in my case, from profiles with pictures of beautiful women) who say that we are constantly recommended by LinkedIn, who tell us how impressive our profiles are, and who want to contact us outside of the LinkedIn platform via text message or WhatsApp.

Now perhaps some of these messages are from real people, but I seriously doubt that so many of the employees at John Q Wine & Liquor Winery in New York happen to have the last name “Walter.” And the exact same job title.

Partial results from a LinkedIn search.

Let’s take a close look at what Karina has been doing for the last 4+ years. Other than posing in front of her car, of course.

From https://www.linkedin.com/in/karina-walter-853923245/
From https://www.linkedin.com/in/karina-walter-853923245/

Ms. Walter is a pretty busy freelance general manager / director / content partnerships manager.

As for her colleague Ms. Alice Walter, she has more experience (having started in 2018) but also has an extensive biography that begins:

The United States is a country with innovative challenges, and there is more room for development in the wine industry at John Q Wine & Liquor Winery. I am motivated and love to learn, and like to be exposed to more different cultures, and hope to develop more careers in my future life.

From https://www.linkedin.com/in/alice-walter-b97bb2113/

Sound familiar?

And you can check out Maria Walter’s profile if you’re so inclined. Or at least check out “her” picture.

Now none of the Walters women tried to contact me, but another “employee” (or maybe it was a “freelancer,” I forget) of this company tried to do so, which led my curious nature to discover yet another hive of fake LinkedIn profiles.

Sadly, one person from this company is a second-degree connection, which means that one of my connections accepted “her” connection request.

Synthetic identities are harmless…right?

Who knows what Karina, Alice, and Maria will do with their LinkedIn profiles?

  • Will they connect with other professionals?
  • Will they ask said professionals to move the conversation to SMS or WhatsApp, for whatever reason?
  • Will they apply for new jobs, using their impressive work history? A 98.8% customer satisfaction rate while managing 1,800 sub-partnerships is remarkable.
  • Will they apply for bank accounts…or loans?

The fraud possibilities from fake LinkedIn accounts are endless, and could be very costly for any company who falls for a fake synthetic identity. In fact, FiVerity reports that “in 2020, an estimated $20 billion was lost to SIF” (synthetic identity fraud). Which means that LinkedIn account holders and Partnerships Managers Karina, Alice, and Maria Walter could make a LOT of money.

Now banks and other financial institutions have safeguards to verify financial identities of people who open accounts and apply for loans, because fraud reduction is critically important to financial institutions.

Social media companies? Identity is only “important” to them.

They don’t even care about uniqueness (as Worldcoin does), evidenced by the fact that I have more than two X accounts (but none in which I portray a female Texas mom and vegan).

So if someone comes up to you on X or LinkedIn, remember that all may not be as it seems.

Prepare Yourself

Created by Imgflip.

Money 20/20 is taking place in Las Vegas, Nevada, USA from Sunday, October 22 to Wednesday October 25.

While I am not in Las Vegas, Bredemarket will monitor the goings-on and share relevant news on Facebook (Bredemarket Identity Firm Services group), Instagram (Bredemarket), LinkedIn (Bredemarket Identity Firm Services page), bredemarket.com, and elsewhere.

#biometric

#biometrics

#contentmarketing

#finance

#financialidentity

#fintech

#identity

#money2020

Worldcoin’s “Face/Off” With Authorities in Argentina and Kenya (and alarmists worldwide)

Victoria Gardens, Rancho Cucamonga, California, August 12, 2023.

Can someone pretend to be you if they have no idea who you are?

It’s been a couple of weeks since I last addressed Worldcoin’s activities, but a lot has happened in Kenya, and now in Argentina also. Here’s a succinct (I hope) update that looks beyond the blaring headlines to see what is REALLY happening.

And, at the end of this post, I address what COULD happen if a fraudster “cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face.” Hey, you have to consider ALL the use cases.

From https://blockworks.co/news/worldcoin-privacy-concerns

Argentina and data protection laws

So what is the reality in Argentina? According to CoinDesk, the Argentine Agency for Access to Public Information (AAIP) is conducting an investigation into WorldCoin.

According to the AAIP, an entity like Worldcoin must register with the AAIP, provide information about its data processing policy, and indicate the purpose for collecting sensitive data and the retention period for such data. Additionally, the agency requires details of the security and confidentiality measures applied to safeguard personal information. The AAIP did not confirm whether Worldcoin complies with the standards.

Worldcoin told CoinDesk in an emailed statement that “the project complies with all laws and regulations governing the processing of personal data in the markets where Worldcoin is available, including but not limited to Argentina’s Personal Data Protection Act 25.326.”

From https://www.coindesk.com/policy/2023/08/10/worldcoin-regulatory-scrutiny-grows-as-argentina-opens-investigation/
From http://servicios.infoleg.gob.ar/infolegInternet/anexos/60000-64999/64790/norma.htm

But what is this “personal data” that concerns Argentina so much?

The data that Worldcoin collects

Now a number of companies need to comply with local privacy regulations in numerous countries, and Worldcoin obviously must obey the law in the countries where it conducts business, including laws about personally identifiable information (PII). For illustration, here is an incomplete list of examples of PII, compiled by the University of Pittsburgh:

Name: full name, maiden name, mother’s maiden name, or alias

Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number, or credit card number

Personal address information: street address, or email address

Personal telephone numbers

Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting

Biometric data: retina scans, voice signatures, or facial geometry

Information identifying personally owned property: VIN number or title number

Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

From https://www.technology.pitt.edu/help-desk/how-to-documents/guide-identifying-personally-identifiable-information-pii

To my knowledge, Worldcoin acquires PII in two separate instances: when downloading the World App, and when registering at an Orb.

Data collected by the World App

First, Worldcoin collects data when you download the World App. The data that is collected by the iOS version of the World App includes a user ID, the user’s coarse location, a name, contacts, and a phone number. I’ll admit that the collection of contacts is a little odd, but let’s see what happens to that data later in the process.

World App (iOS) privacy information as of August 18, 2023. From https://apps.apple.com/no/app/world-app-worldcoin-wallet/id1560859847

Data collected by the Orb

Second, Worldcoin collects data when you enroll at an Orb.

From https://worldcoin.org/blog/worldcoin/orb-faqs

Obviously the Orb collects iris images, and also collects face images. But what else is collected at the Orb?

Nothing.

Worldcoin documents two use cases in its privacy statement: one “without data custody,” and one “with data custody.” In the first use case:

Your biometric data is first processed locally on the Orb and then permanently deleted. The only data that remains is your iris code. This iris code is a set of numbers generated by the Orb and is not linked to your wallet or any of your personal information. As a result, it really tells us — and everyone else — nothing about you. All it does is stop you from being able to sign up again.

From https://worldcoin.org/privacy

But what about the second use case, in which the user consents to have Worldcoin retain information (so that the user does not have to re-enroll if they get a new phone)?

Your biometric data is first processed locally on the Orb and then sent, via encrypted communication channels, to our distributed secure data stores, where it is encrypted at rest. Once it arrives, your biometric data is permanently deleted from the Orb.

From https://worldcoin.org/privacy

Regardless of whether biometric data is retained or not, other PII isn’t even collected at the Orb:

Since you are not required to provide personal information like your name, email address, physical address or phone number, this means that you can easily sign up without us ever knowing anything about you.

From https://worldcoin.org/privacy

“But John,” you’re saying, “names and phone numbers are not collected at the Orb, but names and phone numbers ARE collected by the World App. So how are the name, phone number, user ID, and ‘iris code’ linked together?” Let me reprint what Worldcoin says about the app:

Your Worldcoin App is your self-custodial wallet. That means, just like a physical wallet, that no banks, governments or corporations can do anything to it — like lose or freeze your money — you’re in complete control.

You also don’t need to enter any personal information to get or use the App. But even if you do, you can rest assured that, unlike others, we will never sell or try to profit from your personal information.

From https://worldcoin.org/privacy

So apparently, while the World App asks for your name, it is not a mandatory field. I just confirmed this on my World App (which I enabled on May 16, without orb verification); the only identifying information that I could find was my phone number and my user ID.

And I’m assuming that if I were to enroll at an Orb, the iris code would be linked to my user ID.

Depending upon Worldcoin’s internal architecture:

  • It’s possible that the iris code could be linked to my phone number, either intentionally or unintentionally. But even if it is, an iris code in and of itself is useless outside of the Worldcoin ecosystem. In the same way that an Aware, IDEMIA, NEC, or Thales fingerprint template (not the fingerprint image) can’t be used to generate a full fingerprint image, a Worldcoin iris code can’t be used to generate a full iris image.
  • If I choose the “with data custody” option, my biometric images could be linked to my phone number. Again, they could be linked either intentionally or unintentionally. If such a linkage exists, then that IS a problem. If a user chooses to back up both their World App data and their Orb biometric image data with Worldcoin (and again, the user must CHOOSE to back up both sets of data), how does Worldcoin ensure that the two sets of data can’t be linked?

Presumably Argentina’s AAIP will investigate Worldcoin’s architecture to ensure that there are no financial identity threats.

Which leads us to Kenya.

Kenya and data protection laws

When we last visited Kenya and Worldcoin on August 2, the government had announced that “(r)elevant security, financial services and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities, the safety and protection of the data being harvested, and how the harvesters intend to use the data.”

Those investigations continue, Worldcoin’s Kenya offices have been raided, and Parliament is angry at the regulatory authorities…for not doing enough. The article that reports this states that the Data Protection Unit feels it is not responsible for investigating the “core business” of the registered companies, but Parliament feels otherwise.

The article also makes another interesting statement:

…the office failed to conduct background checks on the company, whose operations have been banned in both the United States of America (USA) and Germany.

From https://nation.africa/kenya/news/you-ve-failed-kenyans-mps-tell-data-commissioner-immaculate-kassait-over-worldcoin-saga-4338518

Um, fake fake fake.

Victoria Gardens, Rancho Cucamonga, California, August 12, 2023.

As I previously noted, I can visit an Orb in Santa Monica, California to register my irises. Last I checked, Santa Monica is still part of the United States of America (USA).

Now what I CAN’T do is obtain some Worldcoin when I register my irises.

In addition, Worldcoin tokens (“WLD”) are not intended to be available for use, purchase, or access by US persons, including US citizens, residents, or persons in the United States, or companies incorporated, located, or resident in the United States, or who have a registered agent in the United States. We do not make WLD available to such US persons. Furthermore, you agree that you will not sell, transfer or make available WLD to US persons.

From User Terms And Conditions, Version 3.10, Effective August 2, 2023, https://worldcoin.pactsafe.io/rkuawsvk5.html#contract-qx3iz24-o

But US persons can still download the app and provide irises to our hearts’ content.

We just can’t get any crypto.

And for the Argentine and Kenyan authorities, the main reason they care about this is the crypto.

Worldcoin is useless for most identification use cases

I’ll make the point that I made before.

Worldcoin is NOT a tool to identify and exploit poor people.

In fact, as the term is commonly understood, Worldcoin does not, and cannot, identify ANYONE.

This is by design.

World ID is a digital passport that lets you prove you are a unique and real person while remaining anonymous.

From https://worldcoin.org/world-id

So if you think that obtaining a World ID will allow you to

  • open a bank account,
  • obtain state welfare benefits, or
  • vote in a local election…

…think again.

Worldcoin CANNOT identify you as a known individual.

It can only establish your uniqueness.

But what about the hacks?

But if you’d like to be unsettled, I’ll close with a quote from another Blockworks article written by someone who visited an Orb in Brooklyn, New York. Last I checked, Brooklyn is still part of the United States of America (USA).

I continued on a darker vein: What if a criminal mastermind decided to cut out someone’s eyes, and use them to steal their identity?

The Orb engineer told me that it wouldn’t work. This Orb needs to see alive, blinking eyes, and a human face that is real attached to them. A picture of someone’s eyes won’t scan, robot eyes won’t scan, canine eyes won’t scan.

But then I got him.

If you cut off someone’s face, including gouging out their eyes, and then you draped it all over your own face, could you register as them with a Worldcoin scanner and steal their identity?

Yes. 

Although he promised that the Worldcoin R&D team has not tested this particular edge case.

From https://blockworks.co/news/worldcoin-eyeballs-scan-brooklyn
Fair use. From https://littlebitsofgaming.com/2021/04/06/face-off-the-plot-hole/

(Repeats to myself) Face/Off was only a movie…Face/Off was only a movie…

Communicating How Your Firm Fights Synthetic Identities

(Updated question count 10/23/2023)

Does your firm fight crooks who try to fraudulently use synthetic identities? If so, how do you communicate your solution?

This post explains what synthetic identities are (with examples), tells four ways to detect synthetic identities, and closes by providing an answer to the communication question.

While this post is primarily intended for identity firms who can use Bredemarket’s marketing and writing services, anyone else who is interested in synthetic identities can read along.

What are synthetic identities?

To explain what synthetic identities are, let me start by telling you about Jason Brown.

Jason Brown wasn’t Jason Brown

You may not have heard of him unless you lived in Atlanta, Georgia in 2019 and lived near the apartment he rented.

Jason Brown’s renting of an apartment isn’t all that unusual.

If you were to visit Brown’s apartment in February 2019, you would find credit cards and financial information for Adam M. Lopez and Carlos Rivera.

Now that’s a little unusual, especially since Lopez and Rivera never existed.

For that matter, Jason Brown never existed either.

Brown was synthetically created from a stolen social security number and a fake California driver’s license. The creator was a man named Corey Cato, who was engaged in massive synthetic identity fraud. If you want to talk about a case that emphasizes the importance of determining financial identity, this is it.

From https://www.ice.gov/news/releases/hsi-investigates-synthetic-identities-scheme-defrauded-banks-nearly-2m

A Georgia man was sentenced Sept. 1 (2022) to more than seven years in federal prison for participating in a nationwide fraud ring that used stolen social security numbers, including those belonging to children, to create synthetic identities used to open lines of credit, create shell companies, and steal nearly $2 million from financial institutions….

Cato joined conspiracies to defraud banks and illegally possess credit cards. Cato and his co-conspirators created “synthetic identities” by combining false personal information such as fake names and dates of birth with the information of real people, such as their social security numbers. Cato and others then used the synthetic identities and fake ID documents to open bank and credit card accounts at financial institutions. Cato and his co-conspirators used the unlawfully obtained credit cards to fund their lifestyles.

From https://www.ice.gov/news/releases/hsi-investigates-synthetic-identities-scheme-defrauded-banks-nearly-2m

Talking about synthetic identity at Victoria Gardens

Here’s a video that I created on Saturday that describes, at a very high level, how synthetic identities can be used fraudulently. People who live near Rancho Cucamonga, California will recognize the Victoria Gardens shopping center, proof that synthetic identity theft can occur far away from Georgia.

From https://www.youtube.com/watch?v=oDrSBlDJVCk

Note that synthetic identity theft different from stealing someone else’s existing identity. In this case, a new identity is created.

So how do you catch these fraudsters?

Catching the identity synthesizers

If you’re renting out an apartment, and Jason Brown shows you his driver’s license and provides his Social Security Number, how can you detect if Brown is a crook? There are four methods to verify that Jason Brown exists, and that he’s the person renting your apartment.

Method One: Private Databases

One way to check Jason Brown’s story is to perform credit checks and other data investigations using financial databases.

  • Did Jason Brown just spring into existence within the past year, with no earlier credit record? That seems suspicious.
  • Does Jason Brown’s credit record appear TOO clean? That seems suspicious.
  • Does Jason Brown share information such as a common social security number with other people? Are any of those other identities also fraudulent? That is DEFINITELY suspicious.

This is one way that many firms detect synthetic identities, and for some firms it is the ONLY way they detect synthetic identities. And these firms have to tell their story to their prospects.

If your firm offers a tool to verify identities via private databases, how do you let your prospects know the benefits of your tool, and why your solution is better than all other solutions?

Method Two: Check That Driver’s License (or other government document)

What about that driver’s license that Brown presented? There are a wide variety of software tools that can check the authenticity of driver’s licenses, passports, and other government-issued documents. Some of these tools existed back in 2019 when “Brown” was renting his apartment, and a number of them exist today.

Maybe your firm has created such a tool, or uses a tool from a third party.

If your firm offers this capability, how can your prospects learn about its benefits, and why your solution excels?

Method Three: Check Government Databases

Checking the authenticity of a government-issued document may not be enough, since the document itself may be legitimate, but the implied credentials may no longer be legitimate. For example, if my California driver’s license expires in 2025, but I move to Minnesota in 2023 and get a new license, my California driver’s license is no longer valid, even though I have it in my possession.

Why not check the database of the Department of Motor Vehicles (or the equivalent in your state) to see if there is still an active driver’s license for that person?

The American Association of Motor Vehicle Administrators (AAMVA) maintains a Driver’s License Data Verification (DLDV) Service in which participating jurisdictions allow other entities to verify the license data for individuals. Your firm may be able to access the DLDV data for selected jurisdictions, providing an extra identity verification tool.

If your firm offers this capability, how can your prospects learn where it is available, what its benefits are, and why it is an important part of your solution?

Method Four: Conduct the “Who You Are” Test

There is one more way to confirm that a person is real, and that is to check the person. Literally.

If someone on a smartphone or videoconference says that they are Jason Brown, how do you know that it’s the real Jason Brown and not Jim Smith, or a previous recording or simulation of Jason Brown?

This is where tools such as facial recognition and liveness detection come to play.

  • You can ensure that the live face matches any face on record.
  • You can also confirm that the face is truly a live face.

In addition to these two tests, you can compare the face against the face on the presented driver’s license or passport to offer additional confirmation of true identity.

Now some companies offer facial recognition, others offer liveness detection, others match the live face to a face on a government ID, and many companies offer two or three of these capabilities.

One more time: if your firm offers these capabilities—either your own or someone else’s—what are the benefits of your algorithms? (For example, are they more accurate than competing algorithms? And under what conditions?) And why is your solution better than the others?

This is for the firms who fight synthetic identities

While most of this post is of general interest to anyone dealing with synthetic identities, this part of this post is specifically addressed to identity and biometric firms who provide synthetic identity-fighting solutions.

When you communicate about your solutions, your communicator needs to have certain types of experience.

  • Industry experience. Perhaps you sell your identity solution to financial institutions, or educational institutions , or a host of other industries (gambling/gaming, healthcare, hospitality, retailers, or sport/concert venues, or others). You need someone with this industry experience.
  • Solution experience. Perhaps your communications require someone with 29 years of experience in identity, biometrics, and technology marketing, including experience with all five factors of authentication (and verification).
  • Communication experience. Perhaps you need to effectively communicate with your prospects in a customer focused, benefits-oriented way. (Content that is all about you and your features won’t win business.)

Perhaps you can use Bredemarket, the identity content marketing expert. I work with you (and I have worked with others) to ensure that your content meets your awareness, consideration, and/or conversion goals.

How can I work with you to communicate your firm’s anti-synthetic identity message? For example, I can apply my identity/biometric blog expert knowledge to create an identity blog post for your firm. Blog posts provide an immediate business impact to your firm, and are easy to reshare and repurpose. For B2B needs, LinkedIn articles provide similar benefits.

If Bredemarket can help your firm convey your message about synthetic identity, let’s talk.

And thirteen more things

If you haven’t read a Bredemarket blog post before, or even if you have, you may not realize that this post is jam-packed with additional information well beyond the post itself. This post alone links to the following Bredemarket posts and other content. You may want to follow one or more of the 13 links below if you need additional information on a particular topic:

  1. Synthetic Identity video (YouTube), August 12, 2023. https://www.youtube.com/watch?v=oDrSBlDJVCk
  2. Using “Multispectral” and “Liveness” in the Same Sentence (Bredemarket blog), June 6, 2023. https://bredemarket.com/2023/06/06/using-multispectral-and-liveness-in-the-same-sentence/
  3. Who is THE #1 NIST facial recognition vendor? (Bredemarket blog), February 23, 2022. https://bredemarket.com/2022/02/23/number1frvt/
  4. Financial Identity (Bredemarket website). https://bredemarket.com/financial-identity/
  5. Educational Identity (Bredemarket website). https://bredemarket.com/educational-identity/
  6. The five authentication factors (Bredemarket blog), March 2, 2021. https://bredemarket.com/2021/03/02/the-five-authentication-factors/
  7. Customer Focus (Bredemarket website). https://bredemarket.com/customer-focus/
  8. Benefits (Bredemarket website). https://bredemarket.com/benefits/
  9. Seven Questions Your Content Creator Should Ask You: the e-book version (Bredemarket blog and e-book), October 22, 2023. https://bredemarket.com/2023/10/22/seven-questions-your-content-creator-should-ask-you-the-e-book-version/
  10. Four Mini-Case Studies for One Inland Empire Business—My Own (Bredemarket blog and e-book), April 16, 2023. https://bredemarket.com/2023/04/16/four-mini-case-studies-for-one-inland-empire-business-my-own/
  11. Identity blog post writing (Bredemarket website). https://bredemarket.com/identity-blog-post-writing/
  12. Blog About Your Identity Firm’s Benefits Now. Why Wait? (Bredemarket blog), August 11, 2023. https://bredemarket.com/2023/08/11/blog-about-your-identity-firms-benefits-now-why-wait/
  13. Why Your Company Should Write LinkedIn Articles (Bredemarket LinkedIn article), July 31, 2023. https://www.linkedin.com/pulse/why-your-company-should-write-linkedin-articles-bredemarket/

That’s twelve more things than the Cupertino guys do, although my office isn’t as cool as theirs.

By Arne Müseler / http://www.arne-mueseler.com, CC BY-SA 3.0 de, https://commons.wikimedia.org/w/index.php?curid=78985341

Well, why not one more?

Here’s my latest brochure for the Bredemarket 400 Short Writing Service, my standard package to create your 400 to 600 word blog posts and LinkedIn articles. Be sure to check the Bredemarket 400 Short Writing Service page for updates.

Bredemarket 400 Short Writing Service (June 2022)Download

If that doesn’t fit your needs, I have other offerings.

Plus, I’m real. I’m not a bot.

Catching Financial Fraudsters with Physical Evidence

There are a variety of ways that you can catch fraudsters who try to steal someone’s financial identity, but sometimes the simple ones work best.

The U.S. Department of Justice recently reported on a traffic stop that occurred three years ago.

From https://www.justice.gov/usao-mdga/pr/macon-man-sentenced-prison-resulting-identity-theft-investigation

Monroe County Sheriff’s deputies found eight debit cards and three driver’s licenses belonging to other people in (Jamal Denzel) Austin’s possession during a traffic stop for reckless driving and failing to maintain lane on Jan. 19, 2020. A subsequent investigation revealed that Austin, who worked at an Atlanta club, had used two stolen identities to register two separate fictious (sic) businesses with the Georgia Secretary of State’s Office to obtain two Capital One business credit cards with credit limits of $30,000 and $20,000.

From https://www.justice.gov/usao-mdga/pr/macon-man-sentenced-prison-resulting-identity-theft-investigation

Three driver’s licenses? Yikes.

The investigation, which also included participation by the United States Secret Service and other local, state, and federal agencies, also uncovered a stolen $49,000 check.

Well, Austin lost the stolen money and his freedom. He was sentenced to 48 months in federal prison.

Now I’ll grant the early stages of this investigation aren’t as sexy as other fraud detection methods, but it worked.

Fraudsters, stay in your lane.

Financial Identity: Which Firms Can Remotely Onboard Financial Customers?

Bank of America, Euclid Avenue, Ontario, California.

Here’s a sign of the times from Ontario, California. The sign at the end of this video appears on the door of a bank branch in downtown Ontario, and basically says that if you wanted to go to THIS branch on Saturday, you’re out of luck.

Of course, that assumes that you actually WANT to go to a physical bank branch location. Unlike the old days, when banks were substantive buildings that you visited to deposit and withdraw money, now banks can be found in our smartphones.

What locational, technological, and organizational changes have taken place at banks over the last 50 years? And now that you can open an account to buy crypto on your smartphone, does your financial institution’s onboarding solution actually WORK in determining financial identity?

Three changes in banking over the last fifty years

Over the last fifty years, banking has changed to the point where someone from 1973 wouldn’t even recognize “banking” today. Stick around to see a video from a company called “Apple” showing you how to use a “wallet” on a “smartphone” to pay for things even if you’re not carrying your “chip card.” Karl Malden would be spinning in his grave. So let’s talk about the three changes:

  1. The locational change.
  2. The technological change.
  3. The organizational change.

The locational change: from stand-alone buildings to partitioned grocery store sections

When I was growing up, a “bank” (or a “savings & loan,” which we will discuss later) was located in a building where you would go on weekdays (or even Saturdays!) and give money to, or get money from, a person referred to as a teller.

By Dennis Brown – Own work, CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=5214388

There was this whole idea of “going to the bank,” perhaps on your lunch hour because you couldn’t go to the bank on Sunday at midnight, could you?

The first crack in the whole idea of “going to the bank” was the ability to bank without entering the door of the bank…and being able to bank on Sunday at midnight if you felt like it. Yes, I’m talking about Automated Teller Machines (ATMs), where the “teller,” instead of being a person, was a bunch of metal and a TV screen. The first ATM appeared in 1967, but they didn’t really become popular until several years later.

Actor Reg Varney using the world’s first cash machine at Barclays Bank, Enfield, north London on 27 June 1967. https://en.wikipedia.org/w/index.php?curid=12747908

For the most part, these ATMs were located at the bank buildings themselves. But those buildings were costly, and as competition between banks increased, banks sought alternatives. By 1996, a new type of banking location emerged (PDF):

The largest U.S. commercial banks are restructuring their retail operations to reduce the cost disadvantage resulting from a stagnant deposit base and stiffer competition. As part of this effort, some banks are opening “supermarket,” or “in-store,” branches: a new type of banking office within a large retail outlet. An alternative to the traditional bank office, the supermarket branch enables banks to improve the efficiency of the branch network and offer greater convenience to customers.

From https://www.newyorkfed.org/medialibrary/media/research/current_issues/ci2-13.pdf
From https://www.digitalcheck.com/postal-banking-no-need-to-play-the-political-game/

To traditionalists, these bank branches looked pretty flimsy. Where are the brick and (fake) marble walls that protect my cash? Heck, anyone can walk into the store and just steal all my money, right?

Well, these newfangled bank branches apparently WERE able to protect our cash, and the idea of banking right in the grocery store proved to be very popular because of its convenience.

But the changes were just beginning.

The technological change: from store sections to smartphones

As banks changed where they were located, there were technological changes also.

During the 1990s, more and more people were using home computers. As the computers and their security became more and more sophisticated, some people asked why we needed to “go to the bank” (either a stand-alone building or a partitioned area next to the cigarettes) at all. Why not just bank at the computer? So PC banking emerged.

Interpol and Deutsche Bank. The cover art can be obtained from Kling Klang and EMI Electrola., Fair use, https://en.wikipedia.org/w/index.php?curid=42639079

The term “PC banking” refers to the online access of banking information from a personal computer. A solution for both personal or business banking needs, this type of financial management allows you to conduct transactions using an Internet connection and your computer in lieu of a trip to the local bank branch or the use of an ATM. PC banking enables an account holder to perform real-time account activities and effectively manage finances in a way that avoids the hassle of daytime bank visits and eliminates the postage required to pay bills by mail.

From https://smallbusiness.chron.com/pc-banking-72403.html

Ah yes; there was another benefit. You could use the computer to pay your bills electronically. The U.S. Postal Service was NOT a fan of this change.

As we crossed into the new millennium, the online banking ideas got even wilder. Cellular telephones, which followed a modified version of the “Princess phone” form factor, became more complex devices with their own teeny-tiny screens, just like their larger computer cousins. Eventually, banks began offering their services on these “smartphones,” so that you didn’t even need a computer to perform your banking activities.

Imagine putting the video below on 8mm film and traveling back in time to show it to a 1973 banking customer. They would have no idea what was going on in the film.

https://www.youtube.com/watch?v=znIOqQLbNFk
From https://www.youtube.com/watch?v=znIOqQLbNFk

But are PC and smartphone banking secure? After all, smartphones don’t have brick or (fake) marble walls. We’ll get to that question.

The organizational change: from banks to…who knows what?

The third change was not locational or technological, but a change in terms of business organization. Actually, many changes.

Back in 1973, the two major types of banks were banks, and something called “savings & loans.” Banks had been around for centuries, but savings & loans were a little newer, having started in 1831. They were regulated a little differently: banks were insured by the FDIC, S&Ls by the FSLIC.

From https://mises.org/library/savings-and-loan-debacle-twenty-five-years-later

Everything was all hunky dory until the 1980s, when the S&Ls started collapsing. This had monumental effects; for example, this PDF documenting the S&L crisis is hosted on the FDIC website, because the FSLIC was abolished many years ago.

After savings & loans became less popular, other “banks” emerged.

But there was one similarity between banks, savings & loans, credit unions, and payday loans. They all dealt in U.S. dollars (or the currency of the nation where they were located).

Enter the crypto providers, who traded cryptocurrencies that weren’t backed by any government. Since they were very new entrants, they didn’t have to make the locational and technological changes that banks and related entities had to make; they zoomed straight to the newest methods. Everything was performed on your smartphone (or computer), and you never went to a physical place.

Now, let’s open a financial account

Back in 1973, the act of opening an account required you to travel to a bank branch, fill out some forms, and give the teller some form of U.S. dollars.

You can still do that today, for the most part. But it was hard to do that in the summer and fall of 2020 when Bredemarket started.

Bredemarket pretty much started because of the COVID-19 pandemic, and those first few months of Bredemarket’s existence were adversely affected by COVID-19. When I wanted to start a bank account for Bredemarket, I COULDN’T travel to my nearby bank branch to open an account. I HAD to open my account with my computer.

So, without a teller (human or otherwise) even meeting me, I had to prove that I was a real person, and give my bank enough information during onboarding so that they knew I wasn’t a money-laundering terrorist. Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.

This onboarding process had to be supported whether you were or were not at a physical location of a financial institution.

  • Whether you were conducting business in person, on a computer, or on a smartphone.
  • Whether you were working with U.S. dollars or (as crypto regulations tightened) something named after a dog or an entire planet or whatever.

How can you support all that?

Liminal’s “Link™ Index for
Account Opening in Financial Services”

Back in 2020 when I was onboarding the new-fashioned way, I had no way of predicting that in less than two years, I would be working for a company that helped financial institutions onboard customers the new-fashioned way.

At the time, I estimated that there were over 80 companies that provided such services.

According to Liminal, my estimate was too low. Or maybe it was too high.

Liminal’s July 2023 report, “Link™ Index for Account Opening in Financial Services,” covers companies that provide onboarding services that allow financial institutions to use their smartphone apps (or web pages) to sign up new clients.

Account opening solutions for the financial services industry are critical to ensuring compliance and preventing fraud, enabling companies to effectively identify new users during customer registration and deliver a seamless onboarding experience. The primary purpose of these solutions is to facilitate mandatory compliance checks, with a particular emphasis on the Know Your Customer (KYC) process.

From https://liminal.co/research/link-index/account-opening-financial-services/

If I can summarize KYC in layperson terms, it basically means that the person opening a financial institution account is who they say they are. For example, it ensures that Vladimir Putin can’t open a U.S. bank acccount under the name “Alan Smithee” to evade U.S. bans on Russian national transctions.

Remember how I found over 80 identify proofing vendors? Liminal found a few more who claimed to offer identity proofing, but thinks that less than 80 firms can actually deliver.

Around 150 vendors claim to offer account opening compliance and fraud solutions in banking, but only 32 (21.3%) have the necessary product features to meet buyer demands.

From https://liminal.co/research/link-index/account-opening-financial-services/

The firms identified by Liminal include my (now former) employer Incode Technologies, plus some others in the industry.

Leading Vendors Profiled

Alloy, Au10tix, Bureau, Caf, Contactable, Effectiv, Experian, FrankieOne, GBG, GeoComply, IDnow, ID.me, iDenfy, IDMERIT, Incode, Jumio, LexisNexis Risk Solutions, MetaMap, Mitek, Onfido, Persona, Plaid, Prove, Refinitiv, ShuftiPro, Signicat, Signzy, Socure, Sumsub, TransUnion, Trulioo, Veriff.

From https://liminal.co/research/link-index/account-opening-financial-services/

Now I have not purchased the entire Liminal report, and even the Executive Summary (which I do have) is “privileged and confidential” so I can’t reprint it here. But I guess that I can say that Liminal used something called the “Link Score” to determine which vendors made the top category, and which didn’t.

I’m not sure how the vendors who DIDN’T make the top category are reacting to their exclusion, but I can bet that they’re not happy.

Writing about Financial Identity

As you can gather, there are a number of issues that you have to address if you want to employ identity proofing at a financial institution.

And if you’re an identity firm or financial institution, you need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.

Speaking of motivating customers, are you with an identity firm or financial institution and need someone to write your marketing text?

  • Someone with 29 years of identity/biometric marketing experience?
  • Someone who consistently tosses around acronyms like ABM, FRVT, KYB, KYC, and PAD, but who would never dump undefined acronyms on your readers? (If you’re not a financial/identity professional and don’t know these acronyms, they stand for anti-money laundering, Face Recognition Vendor Test, Know Your Business, Know Your Customer, and Presentation Attack Detection.)
  • Someone who will explain why your customers should care about these acronyms, and the benefits a compliant solution provides to them?

If I can help you create your financial identity content, we need to talk.